Intrusion PreventionMS.IE.WMF.Code.Execution
Description
This indicates an attempt to exploit a vulnerability in the Microsoft Windows WMF graphics rendering engine. A remote attacker can use the SetProcAbort function in a WMF image file to include code that will execute when the image is viewed. The attacker may be able to execute arbitrary code on the system, with administrator privileges if the image is viewed by an administrator.
Affected Products
Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and SP1
Microsoft Windows Server 2003 for Itanium-based Systems and SP1
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Impact
System compromise, arbitrary code execution.
Recommended Actions
Microsoft Security Bulletin MS06-001 addresses this issue.
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-10 | 14.629 | Sig Added |
| ID | 11573 |
| Created | Dec 28, 2005 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2005-4560 |
| Exploit Prediction Score | 97.36% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |